uniqueusername uniqueusername - 3 years ago 173
Node.js Question

Prevent user from injecting javascript/markup into element

I'm attempting to write a chat server and I've come across the issue that if someone puts markup in their messages e.g.

<strong>blah</strong>
then the message will send with bold text. Someone could take it further by putting scripts in their message. I'm not sure how I can avoid this.

Answer Source

You need to filter your input to take out unwanted tags. There really isn"t much else to it.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download